1
0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-18 00:13:30 +01:00
Commit Graph

77 Commits

Author SHA1 Message Date
Raymond Hill
bf384e2bca
better evaluate vAPI.webextFlavor 2018-04-04 12:42:01 -04:00
Raymond Hill
2afd9919cc
fix #3624 2018-03-18 13:56:20 -04:00
Raymond Hill
1e8d966938
fix regression in Firefox legacy version 2018-03-11 18:59:21 -04:00
Raymond Hill
dd979ff5ff
code review: allow dev build of Firefox to update resources.txt 2018-03-11 10:38:35 -04:00
Raymond Hill
a69379068e
fix nonsensical "obsolete" status for user filters 2018-03-04 15:00:42 -05:00
Raymond Hill
17930cc778
fix #3474, #2823 2018-02-15 17:25:38 -05:00
Raymond Hill
1cd61063fa
fix #3380 2017-12-30 17:38:07 -05:00
Raymond Hill
f7c02e237f
code review for #3331: increase restrictions
Only resources from within current directory will be allowed,
everything else will be silently rejected.
For example, this will forbid pulling lists from different repos
on GitHub, despite the lists being same origin.
2017-12-30 11:05:15 -05:00
Raymond Hill
a9f68fe02f
Fix #3069, and consequently #3374, #3378.
A new filtering class has been created: "static extended filtering".
This new class is an umbrella class for more specialized filtering
engines:
- Cosmetic filtering
- Scriptlet filtering
- HTML filtering

HTML filtering is available only on platforms which support modifying
the response body on the fly, so only Firefox 57+ at the moment.

With the ability to modify the response body, HTML filtering has
been introduced: removing elements from the DOM before the source
data has been parsed by the browser.

A consequence of HTML filtering ability is to bring back script tag
filtering feature.
2017-12-28 13:49:02 -05:00
Raymond Hill
8e7ccef14c
code review for #3331: support relative paths as per https://github.com/AdguardTeam/AdguardBrowserExtension/issues/917 2017-12-15 09:24:06 -05:00
Raymond Hill
912582ce4b
code review: remove space as per https://github.com/AdguardTeam/AdguardBrowserExtension/issues/917 2017-12-15 07:55:15 -05:00
Raymond Hill
6a8c27b6df
fix #3331: ability to fetch sublists using !# include directives 2017-12-15 07:39:21 -05:00
Raymond Hill
36956cbc7a
remove obsolete resource caching code 2017-12-14 16:42:54 -05:00
gorhill
6a71fc59a4
evict possible remnant of resources.txt from cache [Firefox] 2017-09-29 08:22:17 -04:00
gorhill
126110c9a0
remove ability to pull latest version of resources.txt from remote repo.
This is required as per Firefox extension reviewers. Mail exchange:

========

Reviewer:
> Do I read the code correctly that you are executing remote JS by
> downloading/updating from
> https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resources.txt
> and injecting scripts in contentscripts.js?

Me:
> Yes, resources.txt contains scriptlets or other resources used to:
>
> - Minimize potential page breakage (e.g. google-analytics.com/ga.js);
> - Defuse anti-blockers (e.g. bab-defuser.js);
> - Defuse anti-blockers or minimize page breakage through redirection
> (e.g. 2x2-transparent.png)
>
> This is not a new feature -- this is also part of the legacy version,
> and I consider this is a major feature of uBO. Given how fast things can
> change out there, this allows me to quickly push fixes when a new issue
> is reported for a site without having to go through a full update of the
> extension.

Reviewer:
> I am aware that this is not a new feature. I am unclear why it has been
> allowed in the past, since it violates our policy about remote code
> execution. I assume it was missed due to the fairly complex codebase.
>
> I can approve this version so you are not blocked on the migration, but
> eventually, you cannot use functionality that executes remote code.
> Since we're moving to a more automated review process, you will be able
> to ship new versions without being blocked on a human review.

Me:
> Do I understand correctly that extensions such as TamperMonkey or
> ViolentMonkey won't be allowed on AMO?
>
> Those extensions are even more permissive than uBO given a user can
> import scripts from any source, while with uBO only scriptlets which are
> part of the project are allowed.

Reviewer:
> The key difference between add-ons like Tampermonkey and uBO is that in
> Tampermonkey, users are making an active and conscious decision to
> download and execute that specific code. In uBO, the user did not
> initiate that download/execution, nor are they even aware of it
> happening.

Me:
> So users of TamperMonkey -- tech-savvy or not -- can download & inject
> countless 3rd-party user scripts from countless authors, have them
> update on their own automatically at regular interval with no user
> intervention.
>
> On the other hand, it's not acceptable for me, the author of the
> extension, who users implicitly trusted when installing the extension,
> who is completely controlling and vouching for the content of
> "resources.txt", to have this one 1st-party resource file[1] to be
> updated at regular interval with no user intervention.
>
> So anyways, what is expected from me at this point? Do I need to remove
> scriptlet injection and resource redirection features? Do I need to
> remove only the updating part of resources.txt?
>
> [1] key to core features of uBO (counter anti-blockers + page breakage
> mitigations) and possibly an important factor in installing the
> extension.

========

Now about this commit: the purpose of the code change here is to
prevent "resources.txt" -- which is part of the package -- from being
updated -- this applies only to the Firefox webext[-hybrid] version
of uBO.
2017-08-30 09:15:06 -04:00
gorhill
1c7c703d8b
fix #2594 2017-05-08 14:00:41 -04:00
gorhill
622d8f22fb
minor code review re. #2592 2017-05-08 12:12:56 -04:00
gorhill
22d74421e3
fix #2594 2017-05-08 11:49:48 -04:00
gorhill
733917d176
fix #2526: better handle timeout conditions 2017-04-23 09:00:15 -04:00
gorhill
5015826546 fix #2267 2017-03-05 12:54:47 -05:00
gorhill
aadf4a6427 fix #2340 2017-01-26 10:17:38 -05:00
gorhill
96df129ddb code reivew: do not cache assets fetched for viewing purpose 2017-01-23 10:13:07 -05:00
gorhill
50800427b3 generic code review related to the new 3rd-party filter pane 2017-01-23 09:35:05 -05:00
gorhill
9309df4196 3rd-party filters pane revisited 2017-01-22 16:05:16 -05:00
gorhill
6e48c74e4e code review: auto-select new built-in asset if it matches locale (https://github.com/uBlockOrigin/uAssets/issues/268#issuecomment-274146120) 2017-01-20 15:17:11 -05:00
gorhill
726f0d6e1f remove stray change mistakenly added to last commit 2017-01-18 18:22:33 -05:00
gorhill
f4d2d6c891 forgot to adjust alises after modifying assts.json 2017-01-18 17:59:49 -05:00
gorhill
ff64a8340c code review: only built-in assets are candidates for removal when updating assets.json 2017-01-18 13:35:10 -05:00
Raymond Hill
3b9fd49c50 Assets management refactored (#2314)
* refactoring assets management code

* finalizing refactoring of assets management

* various code review of new assets management code

* fix #2281

* fix #1961

* fix #1293

* fix #1275

* fix update scheduler timing logic

* forward compatibility (to be removed once 1.11+ is widespread)

* more codereview; give admins ability to specify own assets.json

* "assetKey" is more accurate than "path"

* fix group count update when building dom incrementally

* reorganize content (order, added URLs, etc.)

* ability to customize updater through advanced settings

* better spinner icon
2017-01-18 13:17:47 -05:00
gorhill
50889da226 code review re. 3628de7a9d 2016-10-29 10:28:50 -04:00
gorhill
de3054b485 code review re. 3628de7a9d 2016-10-29 08:42:29 -04:00
gorhill
3628de7a9d necessary changes for https://github.com/nikrolls/uBlock-Edge/pull/22 2016-10-28 08:40:38 -04:00
gorhill
cad3c5f5cb update packaging scripts for https://github.com/uBlockOrigin/uAssets repo 2016-04-03 13:07:46 -04:00
gorhill
d286eff4ba spin-off filter lists into their own dedicated project 2016-04-01 20:58:35 -04:00
gorhill
c7f1027ab9 this fixes #1321 2016-01-30 19:16:30 -05:00
gorhill
ea49484dd3 this fixes #1067 + partially fixes #1070 2015-12-15 10:40:40 -05:00
gorhill
640452ad42 reverting last change 2015-11-23 09:57:46 -05:00
gorhill
30039ff9c7 code review 2015-11-23 09:49:50 -05:00
gorhill
135ad95d61 #760: reflect obsolete status immediately in UI 2015-10-14 14:16:43 -04:00
gorhill
4fcdac821d this fixes #760 2015-10-14 10:28:37 -04:00
gorhill
de2d993d61 re. #724: configurable xhr timeout 2015-09-25 08:31:46 -04:00
gorhill
b685af177e code review 2015-08-25 15:43:32 -04:00
gorhill
57a7f6bcd7 code review last commit re. #602
External filter lists are not meant to appear in checksums.txt.
2015-08-25 11:21:35 -04:00
gorhill
8f01f7309e this fixes #528 + checksums.txt needs patching re. #602 2015-08-25 10:09:37 -04:00
gorhill
efccaf1416 All third-party assets which are not enabled by default will no longer be
part of the package. The code here is to ensure a seamless transition from
local assets which have been converted to remote assets. The only side
effect to expect is that the selfie, if any, will be invalidated.
2015-08-18 13:15:58 -04:00
gorhill
9b4b998364 #608: this fixes a bunch of strictness-related warnings 2015-08-18 11:44:24 -04:00
gorhill
6c1678d718 Firefox: this fixes uBlock lingering in memory after disabling it 2015-06-23 11:37:54 -04:00
gorhill
93ec8ac55d not all schemes are "external" 2015-06-08 12:26:14 -04:00
gorhill
90d009ea3f this fixes https://github.com/chrisaljoudi/uBlock/issues/675 2015-06-07 20:27:19 -04:00
gorhill
facef0dc05 this fixes many addon validation warnings 2015-05-17 13:02:56 -04:00